Issue:
I'm attempting to gain access to my Linksys 9100EM router. Yes, I know the password to it. However, I'm a pen-tester in training and want to learn how to gain information/access in a more nefarious way.

Open Ports: 69,80,443

Goal: Force the router to give me configuration details (preferrably the entire configuration file), the serial number, and any other details about firmware installed - I would like to accomplish this Via BACKTRACK or command line operations.

I've attempted to telnet into it. Was unable to cause the router to "show" any information and am continually forcibly logged off.
I successfully connected via TFTP. However, "GET (router name).conf/.cfg" timed out.

Note: This is my personal router. I'm not trying to hack anyone. Also, I've exhausted google, BACKTRACK forums, and Hacking Exposed 6th edition and have yet to find any pertinant information in this matter.